LG | AI | Dec 13, 2024

MIBP-Cert: Certified Training against Data Perturbations with Mixed-Integer Bilinear Programs

arXiv:2412.10186v2 | h-index: 4
Originality: Highly original
AI Analysis

This paper addresses the reliability of AI systems against evolving data perturbations, offering a principled approach rather than incremental empirical mitigations.

The paper tackles the problem of data errors, corruptions, and poisoning attacks during training by introducing MIBP-Cert, a certification method that provides provable robustness with sound, deterministic bounds, applicable to continuous and discrete data under complex threat models.

Data errors, corruptions, and poisoning attacks during training pose a major threat to the reliability of modern AI systems. While extensive effort has gone into empirical mitigations, the evolving nature of attacks and the complexity of data require a more principled, provable approach to robustly learn on such data - and to understand how perturbations influence the final model. Hence, we introduce MIBP-Cert, a novel certification method based on mixed-integer bilinear programming (MIBP) that computes sound, deterministic bounds to provide provable robustness even under complex threat models. By computing the set of parameters reachable through perturbed or manipulated data, we can predict all possible outcomes and guarantee robustness. To make solving this optimization problem tractable, we propose a novel relaxation scheme that bounds each training step without sacrificing soundness. We demonstrate the applicability of our approach to continuous and discrete data, as well as different threat models - including complex ones that were previously out of reach.
